Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://vautodiscpero...

windows10-2004-x64

1

Resubmissions

22/04/2024, 03:56

240422-ehnj4afd9x 1

22/04/2024, 03:54

240422-eggedsfb67 1

Analysis

  • max time kernel
    103s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/04/2024, 03:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://vautodiscperolasdofacebook.emochila.com/emoadmin/index.jsp

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 28 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://vautodiscperolasdofacebook.emochila.com/emoadmin/index.jsp"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:212
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://vautodiscperolasdofacebook.emochila.com/emoadmin/index.jsp
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1420
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.0.1277539215\2147388812" -parentBuildID 20230214051806 -prefsHandle 1808 -prefMapHandle 1804 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e0445d2-58f7-410e-9ef1-c854fb6c58bd} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 1892 21a1172d758 gpu
        3⤵
          PID:4952
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.1.1750935282\1563763299" -parentBuildID 20230214051806 -prefsHandle 2476 -prefMapHandle 2472 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48891a15-d4f9-4b0d-8784-d4dd83855f3b} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 2488 21a0488a558 socket
          3⤵
            PID:2880
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.2.1171788063\814138445" -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 3148 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33d61586-83f8-4c5f-8529-0bcbdaf7306a} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 2900 21a14537e58 tab
            3⤵
              PID:2344
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.3.1256901659\1972442963" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21d5f2b2-f7a1-4e06-bfac-fdf91ba51998} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 3660 21a161de558 tab
              3⤵
                PID:1620
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.4.978253371\618740732" -childID 3 -isForBrowser -prefsHandle 5232 -prefMapHandle 5240 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45b0523c-15af-4f04-9f9f-b98414586a86} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 5276 21a17d61a58 tab
                3⤵
                  PID:3232
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.5.1243137896\1893498013" -childID 4 -isForBrowser -prefsHandle 3008 -prefMapHandle 2888 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df05ea69-fa26-4df1-9cd8-4602cce7c1eb} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 2992 21a11db5558 tab
                  3⤵
                    PID:4660
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.6.1435719332\1521292011" -childID 5 -isForBrowser -prefsHandle 5576 -prefMapHandle 5572 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f465c2b8-4439-4ebe-b7e9-1b8e20fa4a4b} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 5588 21a11db6458 tab
                    3⤵
                      PID:4344
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.7.1067256848\991689001" -childID 6 -isForBrowser -prefsHandle 5796 -prefMapHandle 5792 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c6e2ea3-ac95-41be-ba82-5b927e185e79} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 5804 21a11db8b58 tab
                      3⤵
                        PID:2840

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    24KB

                    MD5

                    9ec05cd55518a002d721fc938b45ca0f

                    SHA1

                    0dafc1f9ec6c3a3978a856ea6e6c467cc5198956

                    SHA256

                    4c706ac5dde360a2ee7515aa2fe2d613c171bc136318c1967c2848cda58f5bfa

                    SHA512

                    4e7b5880041d89d5fd58027e7753d0989c60d1e28c2425284041c196790ed3e1092c96002b096cb68f02497f2d00de140eb2c8f04ed344374bcda6252a2e5359

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\16364
                    Filesize

                    7KB

                    MD5

                    73099974900dac0be4b2148e9088d6b2

                    SHA1

                    f3ad113bfa80d16954554a466f32d4160d3f6fe7

                    SHA256

                    1984ec83bb85efdae14161e1df2df9005279acf638b5efc1665cdacff1c970a9

                    SHA512

                    f1fdb16c4c21e7b7570a82e8a029ce5dae5509877f2248aea91a4ba846954b100bcf9e8a4801f2dbb2d5cef3c2f8e02219d84e8cba2fab106264c49acf7e51f7

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\16849
                    Filesize

                    40KB

                    MD5

                    18bbbae60eb502ed8c9dfc9b5d5f426e

                    SHA1

                    2b4a67011b37cdf1a945912dfc61e39f0b752afb

                    SHA256

                    509d4e66acbdb938089e64e240831976e3938fbb0ac8440a58735efc7b7ce954

                    SHA512

                    cd598c33c9162d483456923ed25b0207eb5ad227f50996bfb05836de508b2caa77b26b2fafd9ad59a39ed9302d470839a6e16135fa69e0b8894f218e7c6faf00

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\2443
                    Filesize

                    7KB

                    MD5

                    118b2ec342a5ac9faf3d9cf275b8f907

                    SHA1

                    310a6bce81441de89f5344d51157f9be9fe9bdd6

                    SHA256

                    03f2ebdc1c35b49f4e4ac5525e1bb833367141f7d9801038fad26ef7c5de11c1

                    SHA512

                    8a29c4dfcedb4c7a618a2907f6886ed5ed5722a89b8ec4610b71f1a65efc1ba9aad346baeb6b9bda0f6659f1ebb36ffe3778cff8e63fb21efe24d858f5d0b58b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    a13b37e1710ec4105df714d1600214f5

                    SHA1

                    1dda9190a9dd497c21977643ac91c8cd4646bf7f

                    SHA256

                    f8568d14ea583b6679df54ff596c1451e655230a1f05646a0ace799dbe210b45

                    SHA512

                    a862ab8d8cc2d5beddb15abfb40d042c9cda06634127b1d2d3da2e822fc96407000f09aec8bd639c5ca54433dba84c1d49bade6fc58946b39b4378b5c903896b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\prefs-1.js
                    Filesize

                    7KB

                    MD5

                    2d8cbde4c643b05063f1c4a83dcff76d

                    SHA1

                    cd8f36922a8a57a41a3b5797ae9b2b44fa115e85

                    SHA256

                    531023a0cfddded00ef9d09d17a28e56b0973a7a582d2a0a92921dc43ac59cba

                    SHA512

                    cb64debfb9d1b25085a40017aeaa2727b8a61ff2ba8b7736b964d0d072ac648d3c404ed69a8e52cc95ba3b1c532c9b6d29315d283276cf5b0ea9fd80dfe0ef52

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    2KB

                    MD5

                    4146563ee2990a659bc5266e87fe5c1d

                    SHA1

                    53badd8b854a5779427841340f7c1fe938a2d1c3

                    SHA256

                    21d87530de3ada98d6f9617374f425090188a87223a8ca808a6280460b42bf50

                    SHA512

                    a41f87cf58577bd1fdcb3258799245455fa4b2362515382fba62ef8dc66465474335871ba29fc2dd43a28a435f3c2dffe0d57da868db5cda9ca1f24745b0adf9

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    2KB

                    MD5

                    60e6eecf2d1fb030efd7946862152771

                    SHA1

                    0e8b741d6c74f71bd750f15136a217c3b4a3e377

                    SHA256

                    3782f224cd8fe6a60d32b9677599b3ddafe8ce40b1e8bcb20e6d9862ffb37c9b

                    SHA512

                    a8d9bd4e615e68b42a044ee626ac4fdb89ef3522d983954c24eb6558a4242d022073c65fa599dd9e58906aa533b275a804d9734930c09c64fe1270ac980e0b39

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    2KB

                    MD5

                    e98d63044be9d909625594b237f5f291

                    SHA1

                    2d0e4680b11467b8ba2951fb53a4624c801a029b

                    SHA256

                    1fcb103797191d2ecffdf498fd5b30f711da13f6448c456fd9b3f24f95a9b9bd

                    SHA512

                    7832f939ead5e72714bfb2a0041e149af925e0a475e2e21950ae724e907cef273a1a1a6f7f57caef5e0dcb53453cf6c7a8a1431d4e383f167af1f88a547dd988

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    2KB

                    MD5

                    8fb28d7886ea5f3bf5ef20c61964596b

                    SHA1

                    4ec66b02a1fdebc61d1ad6daad4ace5673afe3e4

                    SHA256

                    6846a29b126f3ff956fdfd3c7864b186ca31bfbf45c7df1e1a18f4c6b2758d4e

                    SHA512

                    1ccd4f0b4a9dfd98d28e26e2decb068e50c01abc1b61595e17ac881ca542156ab717c21c59a8ee6fce0963ce1382711bc000e1bb4ae5795891aa7740a80d0d56

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    37f5c60c5485c2bd3e9798ce6f5ab37d

                    SHA1

                    7071460d9177da71b2e3e8fa23398fa41402149d

                    SHA256

                    a6c45ebd7fd61b9f593194cdd9c089bd5e60f7abb8e3c57a16fb4afeb5d39f99

                    SHA512

                    17f3fecc15ce2ab32b77e14291daea296674b05c3ea1044b90afc807e3c55bfaadac0f76e4825d9128cfc54aaa2f2bc6656b4971484c1d67827c8d3586ae28d3

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    2KB

                    MD5

                    91bd5967c6a59f0647d3a936217c9a0b

                    SHA1

                    6f509f742367cfb950168333eb5540b61bbb9bbc

                    SHA256

                    c7763db5bf14cd0b1d2dc46a77d42c3c25566ad5eec36fb782a379692c6069c9

                    SHA512

                    df7ed0508320a98cf7590664f4ff0e085db93db258d28e7c2f4700d965ba6870e6c69dfe89a0780fff84fa081cea8eba3132656deb648ebefdce70ad9229deda

                    Download Submit